<?php

/*

COMP 353F
Dr. B Desai
Final Project
Group #11

6330746 Nicholas CONSTANTINIDIS
9532862 Jacqueline FU
5484537 Claudio Javier LOPEZ FLORES
9218416 Que Tung NGUYEN

*/

  session_start();
?>

<!DOCTYPE html>
<html lang="en">
<head>
        <title>CoBAGSys - Home</title>
        <link type="text/css" rel="stylesheet" href="css/mystyle.css">
        <script type="text/JavaScript" src="js/validate.js"></script>
        <script type="text/JavaScript">
        <!--
        function ValidateFields() {
	        return ValidateFieldNotEmpty("slick-login", "fname", "first name")
	        && ValidateFieldNotEmpty("slick-login", "lname", "last name")
	        && ValidateFieldNotEmpty("slick-login", "location", "location")
	        && ValidateFieldNotEmpty("slick-login", "ccard", "credit card")
	        && ValidateFieldNumeric("slick-login", "ccard", "credit card")
	        && ValidateFieldNotEmpty("slick-login", "email", "email")
	        && ValidateFieldNotEmpty("slick-login", "password", "password")
	        && ValidateFieldNotEmpty("slick-login", "passwordconfirm", "password confirmation")
	        && ValidateFieldsMatch("slick-login", "password", "passwordconfirm", "The password confirmation does not match the given password")
	        && ValidateFieldNotEmpty("slick-login", "securityQuestion", "security question")
	        && ValidateFieldNotEmpty("slick-login", "securityAnswer", "security answer");
        }
        //-->
        </script>
</head>
<body>
    <?php
      require 'menus.php';
    ?>
    <?php
		// Perform the registration
		$msg_error = '';

		function register() 
                {
			$db = new Connect();
			$fname            = $_POST['fname'];
			$lname            = $_POST['lname'];
			$location         = $_POST['location'];
			$ccard            = $_POST['ccard'];
			$email            = $_POST['email'];
			$pass             = $_POST['password'];
			$pconfirm         = $_POST['passwordconfirm'];
			$securityQuestion = $_POST['securityQuestion'];
			$securityAnswer   = $_POST['securityAnswer'];
  			
			
			//validation
			global $msg_error;			
			if($fname == '' || $lname == '' || $location == '' || $ccard == '' || $email == '' || $pass == '' || $pconfirm == '' || 
$securityQuestion == '' || $securityAnswer == '' )
			{	
				$msg_error = 'Required field can not leave empty';
				return false;
                        }
			
                        // validate if password matches confirm_password
			if($pass != $pconfirm)
			{
				$msg_error = "Confirmed password does not math password";
				return false;
			}

			// validate if email is taken
			$sql = "SELECT * FROM MemberInfo WHERE email = '" . $email  . "'";			
			$result = $db->query($sql);
			if ($result != false && mysql_num_rows($result) != 0)
			{
				$msg_error = "This email [. $email .] was already taken.";
				return false;
			}
			

			// Pass all validation. 
			// Now insert to Guest
			$sql = "INSERT INTO Guest VALUES(" . 
							 "'" . $email . "'," .
							 "'" . $pass  . "'" .
						        ")";
			$result = $db->query($sql);		
			if(!$result)
			{
				return false;
			}			

			// Start to insert member.  DONE: Use the real table name
			$sql = "INSERT INTO MemberInfo (mName,email,mCity,creditCard,securityQuestion,securityAnswer) " .
					    "VALUES (" . 
                                                     "'" . $fname . " " . $lname . "', " . 
                                                     "'" . $email                . "', " .
                                                     "'" . $location             . "', " . 
                                                     "'" . $ccard                . "', " . 
                                                     "'" . $securityQuestion     . "', " . 
                                                     "'" . $securityAnswer       . "'" . 
                                                    ")";
			//echo $sql;
			$result = $db->query($sql);
			if(!$result )  // || mysql_num_rows($result) == 0) // Failed registration
			{
				// delete from insert Guest above
				$result = $db->query("DELETE FROM Guest WHERE email='" . $email  ."'");	
				return false;
			}
			else // New user created
			{
				$db->query("commit");
				return true;
			}
		}
		
		// Check to see if we received post data and perform registration
		// TODO: Check that the password and confirmation match first and check for empty fields
		$registration_failed = null;
		if (isset($_POST["register"]))
			$registration_failed = !register();
    ?>
    <div id="main">
		<form id="slick-login" action="" onsubmit="return ValidateFields();" method="post">
	    	<p class="title">
	    		Register a new account
	    	</p>
<?php
	if ($registration_failed == true)
        {
		print "<p></p><span class=\"error\">REGISTRATION FAILED! " . $msg_error . "</span>" ;
	}
	elseif  (isset($_POST["register"])  && $registration_failed == false)
	{
		print "<p></p><span class=\"error\">REGISTRATION SUCCESS! Please log in to identify your memebership.</span>";
	}
	
?>
	        <input type="text" name="fname" placeholder="First Name">
			<input type="text" name="lname" placeholder="Last Name">
			<input type="text" name="location" placeholder="Location (City)">
			<input type="text" name="ccard" placeholder="Credit Card Number">
			<input type="text" name="email" placeholder="Username (email)">
			<input type="password" name="password" placeholder="Password">
			<input type="password" name="passwordconfirm" placeholder="Confirm password">
			<input type="text" name="securityQuestion" placeholder="Security Question">
            <input type="text" name="securityAnswer" placeholder="Security Answer">
			<p></p>
			<input type="submit" name="register" value="   Register  "/>
        </form>
    </div>
</body>
</html>